Method and system for authorizing transactions based on relative location of devices

ABSTRACT

Aspects of a method and system for authorizing transactions based on relative location of devices are provided. In this regard, data relating to a location of a first communication device and data relating to a location of a second communication device may be received, a distance between the first communication device and the second communication device may be determined based on the received data, and whether to approve a transaction may be determined based on the determined distance. The transaction may have been initiated from one of the first communication device and the second communication device, and may comprise a need to access an account. The transaction may be approved in instances that the first communication device and the second communication device are within a predetermined distance of each other. The received data may comprise distance information determined via communications between the first communication device and the second communication device.

CROSS-REFERENCE TO RELATED APPLICATIONS/INCORPORATION BY REFERENCE

This patent application makes reference to, claims priority to and claims benefit from:

U.S. Provisional Patent Application Ser. No. 61/304,947 (Attorney Docket No. 20997US01) filed on Feb. 16, 2010;

U.S. Provisional Patent Application Ser. No. 61/312,979 (Attorney Docket No. 21007US01) filed on Mar. 11, 2010;

U.S. Provisional Patent Application Ser. No. 61/312,994 (Attorney Docket No. 21008US01) filed on Mar. 11, 2010;

U.S. Provisional Patent Application Ser. No. 61/303,794 (Attorney Docket No. 21009US01) filed on Feb. 12, 2010; and

U.S. Provisional Patent Application Ser. No. 61/609,260 (Attorney Docket No. 21024US01) filed on Mar. 1, 2010.

This Application also makes reference to:

U.S. patent application Ser. No. ______ (Attorney Docket No. 20997US02) filed on even date herewith;

U.S. patent application Ser. No. ______ (Attorney Docket No. 21007US02) filed on even date herewith;

U.S. patent application Ser. No. ______ (Attorney Docket No. 21009US02) filed on even date herewith; and

U.S. patent application Ser. No. ______ (Attorney Docket No. 21024US02) filed on even date herewith.

Each of the above stated applications is hereby incorporated herein by reference in its entirety.

FIELD OF THE INVENTION

Certain embodiments of the invention relate to networking. More specifically, certain embodiments of the invention relate to a method and system for authorizing transactions based on relative location of devices.

BACKGROUND OF THE INVENTION

The security of electronic networks continues to grow in importance as more and more sensitive information is stored electronically and communicated via such electronic networks. Businesses seeking to protect trade secrets and individuals seeking to protect their credit and identity are two primary forces driving the need for stronger network security. In this regard, the fact that such problems are prevalent today may be an indication that traditional security techniques such as username/password requirements and various encryption techniques are insufficient in many instances.

Further limitations and disadvantages of conventional and traditional approaches will become apparent to one of skill in the art, through comparison of such systems with some aspects of the present invention as set forth in the remainder of the present application with reference to the drawings.

BRIEF SUMMARY OF THE INVENTION

A system and/or method is provided for authorizing transactions based on relative location of devices, substantially as illustrated by and/or described in connection with at least one of the figures, as set forth more completely in the claims.

These and other advantages, aspects and novel features of the present invention, as well as details of an illustrated embodiment thereof, will be more fully understood from the following description and drawings.

BRIEF DESCRIPTION OF SEVERAL VIEWS OF THE DRAWINGS

FIG. 1 is a block diagram illustrating an exemplary communication system that enables authorization of transactions based on relative location of devices, in accordance with an embodiment of the invention.

FIG. 2 is a block diagram illustrating an exemplary communication device that may enable and/or utilize location based services, in accordance with an embodiment of the invention.

FIG. 3 is a block diagram illustrating an exemplary location server, in accordance with an embodiment of the invention.

FIG. 4 is a flow chart illustrating exemplary steps for authorizing transactions based on relative location of devices, in accordance with an embodiment of the invention.

DETAILED DESCRIPTION OF THE INVENTION

Certain embodiments of the invention may be found in a method and system for authorizing transactions based on relative location of devices. In various embodiments of the invention, data relating to a location of a first communication device and data relating to a location of a second communication device may be received, a distance between the first communication device and the second communication device may be determined based on the received data, and whether to approve a transaction may be determined based on the determined distance. The transaction may have been initiated from one of the first communication device and the second communication device, and may comprise a need to access an account. The transaction may be approved in instances that the first communication device and the second communication device are within a predetermined distance of each other. The received data may comprise global navigation satellite system (GNSS) coordinates. The received data may comprise distance information determined via communications between the first communication device and the second communication device. The communications between the first communication device and the second communication device may be in accordance with Bluetooth and/or IEEE 802.11 standards, for example. The first communication device and the second communication device may be associated, in a database, with the account. Whether to approve the transaction may be determined based on preferences associated, in the database, with one or both of the first communication device and the second communication device. The transaction may comprise an electronic payment or funds transfer. Determining whether to approve the transaction may occur in response to a request from a network device. A result of the determination of whether to approve the transaction may be communicated to the network device.

FIG. 1 is a block diagram illustrating an exemplary communication system that enables authorizing transactions based on device location, in accordance with an embodiment of the invention. Referring to FIG. 1, there is shown a communication system 100 comprising communication devices 102 and 104, a mobile core network 110, wireless access points (APs) 112 a and 112 b, a cellular basestation (BS) 114, a Worldwide Interoperability for Microwave Access (WiMAX) BS 116, a broadcast tower 118, a Global Navigation Satellite Systems (GNSS) network 120, a plurality of GNSS satellites 122 a-122 n, the Internet 130, a location server 140, and a satellite reference network (SRN) 150. The communication devices 102 and 104 may be at locations 106 and 108, respectively.

The GNSS network 120 may comprise suitable logic, circuitry, interfaces, and/or code that may provide navigation information to land-based devices via satellite links. The GNSS network 120 may provide positioning information via downlink satellite links transmitted to land-based devices, such as the mobile communication devices 102 and 104, to enable determining their locations. In this regard, the GNSS network 120 may comprise, for example, the plurality of GNSS satellites 122 a-122 n, each of which is operable to provide satellite transmissions based on a global navigation satellite system (GNSS). Exemplary GNSS systems may comprise, for example, the Global Positioning System (GPS), GLONASS and/or Galileo based satellite system. The plurality of GNSS satellites 122 a-122 n may directly provide positioning information and/or a land-based device may utilize satellite transmissions from different satellites to determine its location using, for example, triangulation based techniques.

The Internet 130 may comprise a system of interconnected networks and/or devices that enable exchange of information and/or data among a plurality of nodes, based on one or more networking standards, including, for example, Internet Protocols (IP). The Internet 130 may enable, for example, connectivity among a plurality of private and public, academic, business, and/or government nodes and/or networks, wherein the physical connectivity may be provided via the Public Switched Telephone Network (PSTN), utilizing copper wires, fiber-optic cables, wireless interfaces, and/or other standards-based interfaces.

The mobile core network 110 may comprise suitable logic, circuitry, interfaces, and/or code that are operable to provide interfacing and/or connectivity servicing among one or more access networks, which may provide network accessibility to mobile communication devices, and external data networks such as packet data networks (PDNs) and/or the Internet 130. The mobile communication devices 102 and 104 may access the mobile core network 110, for example, via the wireless AP 112 a, the cellular BS 114, and/or the WiMAX BS 116. The mobile core network 110 may be configured to communicate various data services, which are provided by external data networks, to associated users.

The wireless APs 112 a and 112 b may each comprise suitable logic, circuitry, interfaces, and/or code that are operable to provide data services to communication devices, such as one or more of the mobile communication devices 102 and 104, in adherence with one or more wireless LAN (WLAN) standards such as, for example, IEEE 802.11, 802.11a, 802.11b, 802.11d, 802.11e, 802.11n, 802.11v, and/or 802.11u. The wireless AP 112 a may communicate with the mobile core network 110, via one or more links and/or associated devices, for example. The wireless AP 112 b may communicate with the Internet 110, via one or more links and/or associated devices, for example. In this manner, the wireless APs 112 a and 112 b may provide network access to the mobile communication devices 102 and 104.

The cellular BS 114 may comprise suitable logic, circuitry, interfaces, and/or code that are operable to provide voice and/or data services to communication devices, such as one or more of the mobile communication devices 102 and 104, in adherence with one or more cellular communication standards. Exemplary cellular communication standards may comprise Global System for Mobile communications (GSM), General Packet Radio Services (GPRS), Universal Mobile Telecommunications System (UMTS), Enhanced Data rates for GSM Evolution (EDGE), Enhanced GPRS (EGPRS), and/or 3GPP Long Term Evolution (LTE). The cellular BS 114 may communicate with the mobile core network 110 and/or the Internet 130, via one or more backhaul links and/or associated devices for example. In this manner, the cellular BS 114 may provide network access to the mobile communication devices 102 and 104.

The WiMAX BS 116 may comprise suitable logic, circuitry, interfaces, and/or code that are operable to provide WiMAX based data services to communication devices, such as one or more of the mobile communication devices 102 and 104. The WiMAX BS 116 may communicate with the mobile core network 110 and/or the Internet 130, via one or more backhaul links and/or associated devices for example. In this manner, the WiMAX BS 116 may provide network access to the mobile communication devices 102 and 104.

The broadcast tower 118 may comprise, for example, a terrestrial radio and/or terrestrial television transmitter. In this regard, the broadcast tower 118 may transmit television and/or radio in accordance with one or more broadcast standards such as, for example, AM radio, FM radio, Radio Data Services (RDS or RBDS), the Digital Video Broadcasting (DVB) family of standards, the Advanced Television Systems Committee (ATSC) family of standards, the Integrated Services Digital Broadcasting (ISDB) family of standards, the Digital Terrestrial Multimedia Broadcast (DTMB) family of standards, and the Digital Multimedia Broadcasting (DMB) family of standards.

The server 132 may store private and/or secure information, such as financial information, which may be accessed during a transaction such as an electronic funds transfer or online purchase. For example, the server 132 may store information for credit card holders and may process debits and/or credits to card-holders' accounts. Accordingly, for purposes of this application, the server 132 may be referred to as a “transaction hosting server.”

The SRN 150 may comprise suitable logic, circuitry, interfaces, and/or code that are operable to collect and/or distribute data from GNSS satellites, on a continuous basis. In this regard, the SRN 150 may comprise a plurality of GNSS reference tracking stations located around the world to provide A-GNSS coverage all the time in both a home network and/or any visited network. The SRN 150 may utilize satellite signals received from various GNSS constellations, such as, for example, the plurality of GNSS satellites 122 a-122 n of the GNSS network 120. The location server 140 may provide location related data when requested to do so.

The location server 140 may comprise suitable logic, circuitry, interfaces, and/or code that are operable to provide and/or support location based services (LBS). In this regard, the location server 140 may store and/or process location related data associated with communication devices and/or users thereof. The location server 140 may be operable to maintain, for example, the reference database 142, which may comprise profile elements corresponding to each of the mobile communication devices 102 and 104, and/or users thereof, for example. In this regard, users may register or otherwise establish a location based services (LBS) account (also referred to as a profile) with the owner and/or operator of the location server 140 and the location server 140 may store location related data associated with the accounts. LBS accounts or profiles may, for example, be associated with one or more users, one or more communications devices, or a combination thereof.

The location related data may be stored in a reference database 142 in the location server 140. The location related data may be communicated securely to and from the location server 140 utilizing authentication and/or encryption mechanisms that may prevent spoofing or otherwise tampering with the requests and/or responses. In various embodiments of the invention, location related data stored in the location server 140 may comprise GNSS coordinates. In this regard, the location server 140 may also be operable to access and/or communicate with the SRN 150, for example, to collect and/or update location related data independently and/or autonomously. The location server 140 may be operable to access the SRN 150 to collect GNSS satellite data, and may utilize the collected GNSS satellite data to generate GNSS assistance data (A-GNSS data) pertaining to, and/or associated with the mobile communication devices 102 and 104. In various embodiments of the invention, location related data stored in the location server 140 may be collected and/or retrieved from the mobile communication devices 102 and 104. In this regard, the location related data may be uploaded to the location server 140 via any available means such as the APs 112 a and/or 112 b, cellular BS 114, WiMAX BS 116, the Internet 130, and/or other devices such as Femtocells. In some instances, location related data may be determined via ranging and/or triangulation based on communications to and/or from one or more of the APs 112 a and/or 112 b, cellular BS 114, WiMAX BS 116, and broadcast tower 118. Similarly, in some instances, location related data may be determined via ranging based on communications between the communication devices 102 and 104.

The location server 140 may be operable to communicate the stored location related data when requested to do so. In addition, the reference database 142 maintained in the location server 140 may be modified, refined, and/or updated. The modification may be performed, for example, based on location related data received from the SRN 150 and/or from the mobile communication devices 102 and 104 and/or other communication devices in the system 100. The location related data may be uploaded, for example, by users logging in to the location server 140 and manually updating preferences, permissions, and/or other location related data. Additionally or alternatively, location related data may be updated, for example, automatically. Such automatic uploading and/or updating may, for example, be performed periodically, occasionally, and/or upon the occurrence of certain events, such as an attempted transaction, completed transaction, and/or data reaching a particular age.

Various security protocols and/or procedures may be used and/or implemented within the system 100 to ensure secure exchange of location related data among, for example, devices, such as the communication devices 102 and 104, associated with LBS accounts and/or devices, such as the transaction processing server 132, seeking to authenticate devices and/or users associated with an LBS account. In this regard, each of the communication devices 102 and 104 may comprise a security subsystem that may be operable to communicate reliable and secure location information to the location server 140. The security subsystem may comprise, for example, dedicated hardware and/or one or more secure applications running on the communication device 104.

The communication devices 102 and 104 may each comprise suitable logic, circuitry, interfaces and/or code to communicate via one or more wired and/or wireless connections. In this regard, the communication devices 102 and 104 may each be operable to transmit and/or receive signals to and/or from one or more of the APs 112 a and 112 b, the cellular BS 114, the WiMAX BS 116, the GNSS network 120, and the broadcast tower 118. The communication devices 102 and 104 may each comprise, for example, a phone, a laptop, or a personal media player.

In operation, a transaction, such as an online purchase utilizing a credit card, may be attempted from the communication device 102 and the purchase may be processed on to the transaction hosting server 132. In this regard, the server 132 may attempt to process the payment by checking the credit card's balance and/or availability of funds. Upon accessing the credit card account, the server 132 may determine that an LBS account is associated with the credit card account and that the card owner has enrolled in location based authentication. Accordingly, the server 132 may send a request to the location server 140 to have the location server 140 approve the transaction. The request may include information identifying the device 102 and/or location 108 from which the transaction is being attempted.

Upon receiving the request for approval, the location server 140 may access the LBS account associated with the credit card account and determine that communication devices 102 and 104 are associated with the LBS account. The LBS server 140 may then determine the distance between the communication devices 102 and 104. In some instances, the distance may be determined utilizing location related data previously stored in the database 142. However, in other instances, the location server 140 may request updated location related information from one or both of the communication devices 102 and 104 prior to calculating the distance.

In an exemplary embodiment of the invention, upon receiving a request to approve a transaction associated with an LBS account that is, in turn, associated with the communication devices 102 and 104, the location server 102 may send a request to communication device 104 for the communication device 104 to determine a distance to the communication device 102 and report the distance back to the location server 140. Accordingly, the communication device 104 may attempt to communicate with the communication device 102 utilizing, for example, Wi-Fi, ZigBee, or Bluetooth. In this regard, the communication device 104 may attempt to determine the distance utilizing the method and system described in U.S. patent application Ser. No. ______ (Attorney Docket No. 21004US01). For example, location information may be communicated between secure or trusted subsystems of the communication devices 102 and 104 such that each of the communication devices 102 and 104 may be operable to authenticate, decrypt, and/or otherwise secure or verify the location information.

The formatting and/or type of distance determination may differ depending on the implementation and/or on the particular circumstances. For example, the distance determination may be quantitative, such as a numerical distance or range of distances, or may be more qualitative, such as “in range” or “out-of-range.” In some instances, upon determining that the transaction was initiated from communication device 102, the request to determine distance in accordance with this paragraph may be sent to the communication device 104. Similarly, upon determining that the transaction was initiated from communication device 104, the request to determine distance in accordance with this paragraph may be sent to the communication device 102.

Upon determining the distance between the communication devices 102 and 104, the location server 140 may determine whether to approve the transaction based on the distance. Such a determination may be based on a variety of factors including, for example, preferences and/or rules associated with the LBS account. Such preferences and/or rules may be established, for example, by the LBS account holder and/or the credit card company.

The preferences and/or rules may, for example, be based on the type of transaction. For example, electronic funds transfers or other financial transactions may only be approved when the communication devices 102 and 104 are within X meters. As another example, access to an online account, such as a financial account, an email account, or a social networking account may be approved only when communication device 102 is within Bluetooth or Wi-Fi range of communication device 104.

For financial transactions, the preferences and/or rules may, for example, be based on the amount involved. For example, transactions involving amounts greater than $X.XX may be approved only when the communication devices 102 and 104 are less than X feet apart. Conversely, a rule or preference may be established that, for all transactions involving less than $X.XX, the transaction may be approved regardless of the distances between the communication devices 102 and 104.

The preferences and/or rules may, for example, be based on the time at which the transaction is being attempted. For example, a rule or preference may be established that all transactions being attempted between the hours of X:XX and Y:YY, and/or on certain days, may be automatically denied or may automatically trigger additional authentication measures when the communication devices 102 and 104 are not within X meters of each other.

The above rules, preferences, and transactions are just for illustration and the invention is not so limited.

Upon determining whether to approve or deny the transaction, the location server 140 may then communicate the approval or denial to the server 132 and the server 132 may proceed accordingly.
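The approval decision described above, combining the transaction-type, amount, and time-of-day rules with a quantitative or qualitative distance report, can be sketched as follows. This is an added example, not code from the application: the class and field names, the thresholds standing in for X, $X.XX and X:XX, the report age limit, and the choice of action for each rule are all assumptions.

```python
import math
from dataclasses import dataclass
from datetime import datetime, time, timedelta
from enum import Enum
from typing import Optional


class Decision(Enum):
    APPROVE = "approve"
    DENY = "deny"
    STEP_UP = "additional_authentication"
    REFRESH = "request_updated_location"


@dataclass(frozen=True)
class DistanceReport:
    """Distance between the two enrolled devices as reported to the location server."""
    measured_at: datetime
    meters: Optional[float] = None   # quantitative form
    in_range: Optional[bool] = None  # qualitative form: "in range" / "out-of-range"


@dataclass(frozen=True)
class Transaction:
    kind: str              # "funds_transfer" or "account_access" (hypothetical labels)
    amount: float          # 0.0 for non-financial transactions
    attempted_at: datetime


@dataclass(frozen=True)
class AccountRules:
    # Constructed stand-ins for the page's X meters, $X.XX and X:XX-Y:YY placeholders.
    max_meters: float = 10.0
    small_amount: float = 20.00
    restricted_start: time = time(23, 0)
    restricted_end: time = time(5, 0)
    far_action: Decision = Decision.STEP_UP          # devices apart, normal hours
    restricted_far_action: Decision = Decision.DENY  # devices apart, restricted hours
    max_report_age: timedelta = timedelta(seconds=60)


def in_window(t: time, start: time, end: time) -> bool:
    """True if t falls in [start, end), including windows that wrap past midnight."""
    if start <= end:
        return start <= t < end
    return t >= start or t < end


def devices_close(report: DistanceReport, rules: AccountRules) -> Optional[bool]:
    """True/False when proximity is known, None when the report is unusable."""
    if report.meters is not None:
        if math.isnan(report.meters) or report.meters < 0:
            return None
        return report.meters <= rules.max_meters
    return report.in_range


def decide(txn: Transaction, report: Optional[DistanceReport],
           rules: AccountRules) -> Decision:
    # Amount rule: small transfers are approved regardless of distance.
    if txn.kind == "funds_transfer" and 0 <= txn.amount < rules.small_amount:
        return Decision.APPROVE
    # Missing, stale or future-dated reports are never used for a decision;
    # the server asks the devices for updated location data instead.
    if report is None:
        return Decision.REFRESH
    age = txn.attempted_at - report.measured_at
    if not timedelta(0) <= age <= rules.max_report_age:
        return Decision.REFRESH
    close = devices_close(report, rules)
    if close is None:
        return Decision.DENY  # fail closed on malformed reports
    if close:
        return Decision.APPROVE
    # Time rule: a stricter action applies during restricted hours.
    if in_window(txn.attempted_at.time(), rules.restricted_start, rules.restricted_end):
        return rules.restricted_far_action
    return rules.far_action
```

The restricted-hours window is compared against the timestamp's own clock time, so callers should pass timestamps in one agreed time zone.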

FIG. 2 is a block diagram illustrating an exemplary communication device that may enable and/or utilize location based services, in accordance with an embodiment of the invention. Referring to FIG. 2 there is shown a communication device 200, a processor 202, a system memory 204, a system bus 206, a communication subsystem 210, a plurality of interface processing blocks 212 a-212 n, a security subsystem 220, and a transaction management processing block 230. The communication device 200 may be substantially similar to the communication devices 102 and 200 described with respect to FIG. 1.

The communication device 200 may comprise the host processor 202, the system memory 204, the system bus 206, the communication subsystem 210, the security subsystem 220, and the transaction management processing block 230. The communication device 200 may be as described in FIG. 1. In this regard, the communication device 200 may enable reception and/or transmission of signals during communication via one or more wired and/or wireless connections. The communication device 200 may also be operable to support and/or utilize location based services.

The processor 202 may comprise suitable logic, circuitry, interfaces, and/or code that may be operable to process data and/or control operations of the communication device 200. In this regard, the host processor 202 may be operable to configure and/or control operations of various components and/or systems of the communication device 200, by, for example, providing control signals, controlling data transfers within the communication device 200, and enabling execution of applications, programs and/or code, which may be stored in the system memory 204. Such operations of the communication device 200 may comprise detection and/or identification of the location of the communication device 200. In this manner, the processor 202 may enable the communication device 200 to support and/or utilize location based services.

The memory 206 may comprise suitable logic, circuitry, and/or code that may be operable to store information such as executable instructions and data that may be utilized for operations of the communication device 200, including utilizing and/or supporting location based services. The memory 206 may comprise RAM, ROM, low latency nonvolatile memory such as flash memory and/or other suitable electronic data storage. One or more portions of the memory 206 may be secured, e.g., via the security subsystem 220, and the security may be implemented and/or enforced in hardware. At least a portion of the memory may be one-time-programmable and may comprise information that may be utilized in authenticating the device 200, its user, and/or its location. The system memory 204 may store, for example, information comprising configuration data used during LBS operations in the communication device 200. The configuration data may comprise parameters and/or code, which may comprise software and/or firmware, but the configuration data need not be limited in this regard.

The system bus 206 may comprise suitable logic, circuitry, interfaces, and/or code that may enable exchange of data and/or information between various components and/or systems in the communication device 200. In this regard, the system bus may comprise parallel or serial, and/or internal or external based bus technologies, and/or any combinations thereof. Exemplary system bus interfaces may comprise Inter-Integrated Circuit (I²C), Universal Serial Bus (USB), Advanced Technology Attachment (ATA), Small Computer System Interface (SCSI), Peripheral Component Interconnect (PCI), and/or Peripheral Component Interconnect Express (PCI-e) based interfaces.

The communication subsystem 210 may comprise suitable logic, circuitry, code, and/or interfaces that may enable communication of data, content, and/or messaging from and/or to the communication device 200, based on one or more wired and/or wireless protocols. The communication subsystem 210 may comprise, for example, the plurality of processing blocks 212 a-212 n that may be operable to perform communication based on wired or wireless standards supported in the communication device 200. In this regard, each of the plurality of processing blocks 212 a-212 n may comprise suitable logic, circuitry, interfaces, and/or code that are operable to detect, receive, and/or transmit signals based on specific frequency bands and/or modulation schemes. The processing blocks 212 a-212 n may also be operable to perform necessary processing operations, which may comprise, for example, buffering, filtering, modulation/demodulation, up-conversion/down-conversion, and/or digital-to-analog/analog-to-digital conversion. The plurality of processing blocks 212 a-212 n may be configured to support, for example, transmission and/or reception of RF signals during communication based on Ethernet, Bluetooth, WLAN, cellular, WiMAX, GNSS, FM interfaces and/or protocols.

The security subsystem 220 may comprise suitable logic, circuitry, interfaces, and/or code that may be operable to perform security related operations in the communication device 200. In this regard, the security subsystem 220 may perform device and/or user authentication, certificate usage, and/or cryptographic operations in the communication device 200. Various security functions may be implemented in hardware to prevent security from being circumvented via software and/or firmware modifications. In various embodiments of the invention, the security subsystem 220 may comprise dedicated hardware and/or one or more applications.

In operation, the communication device 200 may be utilized to perform network access and/or communication via one or more wired or wireless interfaces. In this regard, the communication device 200 may, via the communication subsystem 210, receive signals from and/or transmit signals to the wireless AP 112 a, wireless AP 112 b, the cellular BS 114, the WiMAX BS 116, the broadcast tower 118, and/or the Internet 130 (e.g., via Ethernet, DSL, and/or cable infrastructure). During operations in the communication device 200, the host processor 202 may manage and/or control operations of, for example, communication subsystem 210 and/or security subsystem 220. In an exemplary aspect of the invention, the communication device 200 may be operable to support LBS applications. In this regard, the communication device 200 may be associated with an LBS account managed via the location server 140. Accordingly, the communication device 200 may communicate, via the communication subsystem 210, with the location server 140.

Information communicated between the location server 140 and the communication device 200 may be stored in the database 142 indexed by, or otherwise associated with, the LBS account that is associated with the communication device 200 and/or an owner or user thereof. The communication device 200 may interact with the location server 140 via one or more of the wireless AP 112 a, wireless AP 112 b, the cellular BS 114, the WiMAX BS 116, and/or the Internet 130. During LBS related operations, the communication device 200 may provide, and/or enable the location server 140 to determine, the location of the communication device 200. During LBS related operations, the security subsystem 220 may support various authentication and/or confidentiality related operations performed via the communication device 200. For example, the security subsystem 220 may prevent a user, via software or firmware, from spoofing the location of the communication device 200. In this regard, the security subsystem 220 may be trusted by the location server 140 and/or other communication devices such as the devices 102 and 104 such that location information received from the communication device 200 may be trusted and/or relied upon for determining distance.

Additionally, location may be checked via a plurality of methods and if the checked methods report inconsistent locations, then the transaction may not be completed. In some embodiments of the invention, if a minority of the reported locations is inconsistent, then other valid identification means may be requested before the transaction is completed. Other identification means may comprise passwords, special keys, passphrases, and personal identifying information.
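One way to implement the cross-check of several location methods described above, as an added example that is not part of the application: the `Fix` type, the 500 m tolerance, the outcome labels, the handling of a single fix, and the sample coordinates are assumptions made for illustration.

```python
import math
from typing import List, NamedTuple, Tuple

EARTH_RADIUS_M = 6_371_000.0


class Fix(NamedTuple):
    """One location estimate for the same device, tagged with the method that produced it."""
    method: str   # e.g. "gnss", "wifi", "cell", "broadcast"
    lat: float    # degrees
    lon: float    # degrees


def haversine_m(a: Fix, b: Fix) -> float:
    """Great-circle distance between two fixes in meters."""
    phi1, phi2 = math.radians(a.lat), math.radians(b.lat)
    dphi = phi2 - phi1
    dlmb = math.radians(b.lon - a.lon)
    h = math.sin(dphi / 2) ** 2 + math.cos(phi1) * math.cos(phi2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(h))


def check_consistency(fixes: List[Fix], tolerance_m: float = 500.0) -> Tuple[str, List[str]]:
    """Classify a set of fixes and name the methods that disagree.

    Returns one of:
      "consistent"                    all methods agree within tolerance_m
      "request_other_identification"  a minority of methods disagrees
      "block"                         no majority agrees; do not complete
    """
    if len(fixes) < 2:
        # Nothing to cross-check against: treated here like a partial failure.
        return "request_other_identification", []

    # Pick the fix that the most other fixes agree with, and use the fixes
    # within tolerance of it as the agreeing group.
    agreeing: List[Fix] = []
    for anchor in fixes:
        group = [f for f in fixes if haversine_m(anchor, f) <= tolerance_m]
        if len(group) > len(agreeing):
            agreeing = group

    outliers = [f.method for f in fixes if f not in agreeing]
    if not outliers:
        return "consistent", []
    if 2 * len(outliers) < len(fixes):
        return "request_other_identification", outliers
    return "block", outliers


# Constructed sample input: three methods agree, one reports a distant location.
SAMPLE_FIXES = [
    Fix("gnss", 37.3349, -122.0090),
    Fix("wifi", 37.3352, -122.0087),
    Fix("cell", 37.3360, -122.0100),
    Fix("broadcast", 40.7128, -74.0060),
]

if __name__ == "__main__":
    print(check_consistency(SAMPLE_FIXES))
```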

In various embodiments of the invention, the communication device 200 may determine its current location, which may be done using, for example, GNSS signals received via one or more of the plurality of processing blocks 212 a-212 n, LBS data and/or applications provided by the location server 140, the communication devices 102 and 104, and/or various entities, such as the wireless APs 112, the cellular BS 114, and the WiMAX BS 116, with which the communication devices 102 and 104 communicate. The security subsystem 220 may then perform, in conjunction with a location server such as the location server 140, user authentication based on, for example, LBS based data and/or applications. Once the location of the device 200 is determined, and/or device and/or user authentication is performed, transactions, such as described with respect to FIG. 1, may be initiated and/or completed.

FIG. 3 is a block diagram illustrating an exemplary location server, in accordance with an embodiment of the invention. Referring to FIG. 3 there is shown a server 140, a processor 302, a memory 304, a reference database 142, and an interfacing subsystem 310.

The server 140 may comprise the processor 302, the memory 304, the reference database 142, and the interfacing subsystem 310. In this regard, the server 140 may be operable to provide and/or support location based services (LBS). In an exemplary aspect of the invention, the server 140 may maintain location related data, via the reference database 142, for example. The location related data may be associated with communication devices that have an account with, or are otherwise associated with, the location based services provider that owns and/or operates the location server 140. Location related data may, for example, comprise information associated with location(s) that the communication devices 102 and 104 are at and/or locations to which the communication devices 102 and 104 have been.

The processor 302 may comprise suitable logic, circuitry, interfaces, and/or code that may be operable to manage and/or control operations of the server 140. In this regard, the processor 302 may be operable to configure and/or control operations of various components and/or systems of the location server 140, by providing, for example, control signals. The processor 302 may also control data transfers within the location server 140, including data storage and/or retrieval from memory 304 and/or generating, storing, and/or updating elements in the reference database 142. The processor 302 may enable execution of applications, programs and/or code, which may be stored in the memory 304 for example, to enable performing various services and/or application requested from the location server 140, including location based services (LBS) applications for example.

The memory 304 may comprise suitable logic, circuitry, interfaces, and/or code that enable permanent and/or non-permanent storage and/or fetch of data, code and/or other information used in the location server 140. In this regard, the memory 304 may comprise different memory technologies, including, for example, read-only memory (ROM), random access memory (RAM), and/or Flash memory. The memory 304 may be operable to store, for example, data and/or code used during LBS operations in the location server 140. The data and/or code may comprise configuration data or parameters, and the code may comprise operational code such as software and/or firmware, but the information need not be limited in this regard.

The reference database 142 may comprise suitable logic, circuitry, interfaces, and/or code that may be operable to store location related data for one or more LBS accounts, wherein each LBS account may be associated with one or more communication devices, such as the communication devices 102 and 104, and/or owners thereof and/or users thereof. The reference database 142 may be internally or externally coupled to the location server 140. The stored location related data may be collected from and/or provided to associated devices and/or users to support LBS applications. The reference database 142 may be operable to manage and update the stored location related data when requested, dynamically whenever any change is detected, and/or periodically. In an exemplary aspect of the invention, the reference database 142 may comprise data which may be utilized to approve or deny transactions. Furthermore, the reference database 142 may be updated and/or modified based on data communicated to the server 140 by the communication devices 102 and 104, the SRN 150, the wireless APs 112, the cellular BS 114, the WiMAX BS 116, and/or other devices.

The interfacing subsystem 310 may comprise suitable logic, circuitry, interfaces, and/or code that may enable communication of data, content, and/or messaging from and/or to the location server 140. The interfacing system 310 may support, for example, a plurality of physical and/or logical connections, based on one or more wired and/or wireless interfaces in the location server 140. In this regard, the interfacing system 330 may comprise, for example, one or more network interface cards (NIC) and/or wireless network interface cards (WNIC).

In operation, the location server 140 may be utilized to provide location based services (LBS). To facilitate LBS operations and/or servicing via the location server 140, the processor 302 may be operable to communicate, via the interfacing subsystem 310, with the SRN 150, the mobile core network 110, and/or the Internet 130 to collect location related data. The processor 302 may utilize the collected location related data to build and/or update the reference database 142, which may be coupled internally or externally to the location server 140. The processor 302 may retrieve or collect location related data from associated users, such as the communication device 104. The location server 140 may provide location related data by retrieving it from the reference database 142. In this regard, the location server 140 may store the location related data in the reference database 142 as elements that may be indexed using identifiers that are specific to serviced devices and/or users and/or owners thereof. Exemplary identifiers comprise LBS account numbers, LBS account usernames, phone numbers of communication devices associated with LBS accounts, and MAC addresses of communication devices associated with LBS accounts.

In an exemplary aspect of the invention, the reference database 142 may store and/or maintain, via the reference database 142 for example, data and/or information which may be utilized to approve or deny transactions, substantially as described with regard to FIG. 1. The transaction related data may be stored into, for example, LBS accounts (also referred to as profiles) maintained via the reference database 142. In this regard, when determining whether to approve a transaction, the server 140 may perform device and/or user authentication procedures with the serviced devices, such as the communication devices 102 and 104, and/or with devices requesting the approval, such as the server 132.

The location server 140 may enable, via the interfacing subsystem 310, access to LBS accounts such that information associated with an account, such as account rules and/or preferences, may be modified. In this regard, persons and/or entities which may access an LBS account may comprise an owner and/or user of a communication device associated with the LBS account, a credit card company, bank, or other financial institution associated with the LBS account, a wireless provider associated with the LBS account, an Internet service provider associated with the LBS account, and/or any other person and/or entity which has been associated with the LBS account through secure and authenticated mechanisms.

FIG. 4 is a flow chart illustrating exemplary steps for authorizing transactions based on relative location of devices, in accordance with an embodiment of the invention. Referring to FIG. 4, the exemplary steps may begin with step 404 when a transaction, such as an online purchase using a credit card, is initiated from the communication device 102, where the credit card and/or communication device 102 is associated with an LBS account that is also associated with the communication device 104. The attempted purchase may be submitted to the server 132. Subsequent to step 404, the exemplary steps may advance to step 406.

In step 406, the server 132 may send a request to the location server 140 for the location server 140 to determine whether to approve the transaction. Subsequent to step 406, the exemplary steps may advance to step 408.

In step 407, the location server 140 may access the LBS account associated with the communication devices 102 and 104. Based on rules and/or preference of the LBS account, the location server 140 may determine, based on rules, preferences, and/or other information in the LBS account, whether the transaction should be automatically approved. That is, determine whether the transaction should be approved or denied regardless of the distance between the communication devices 102 and 104. In instances that the transaction cannot be automatically approved or denied, the exemplary steps may advance to step 408. In instances that the transaction is to be automatically approved or denied, the exemplary steps may advance to step 412.

In step 408, the location server 140 may determine the distance between the communication devices 102 and 104. In this regard, the location server 140 may send a request to one or both of the communication devices 102 and 104 via one or more of the wireless AP 112 a, wireless AP 112 b, the cellular BS 114, and the WiMAX BS 116, and one or both of the communication devices 102 and 104 may respond with location information. In this regard, one or both of the communication devices 102 and 104 may respond with, for example, the GNSS coordinates of its current location, an RF characterization of its current location, information about distance to the other one of communication devices 102 and 104, and/or information about a distance to, or communications with, a transceiver such as one or more of the wireless APs 112, the cellular BS 114, the WiMAX BS 116, and/or the broadcast tower 118. The location information may be communicated via a security subsystem 220 in each of the communication devices 102 and 104 such that the location information may be trusted by the location server 140. Subsequent to step 408, the exemplary steps may advance to step 410.

In step 410, the location server 140 may determine whether to approve the transaction based on the distance between the communication devices 102 and 104. How the distance between the communication devices 102 and 104 factors into the determination may depend on the rules and/or preferences of the LBS account. For example, the transaction may be approved in instances that the communication devices 102 and 104 are within X feet of each other. In instances that the transaction is approved based on the distance between the communication devices 102 and 104, the exemplary steps may advance to step 412. In step 412, the location server 140 may notify the server 132 that the transaction is approved. In step 414, the transaction may be completed.

Returning to step 410, in instances that the transaction is denied, the location server 140 may seek approval of the transaction via an out-of-band channel. For example, the location server 140 may call or send a message to the communication device 104 requesting manual approval from the user of the communication device 104. The user may reply to the message and send his or her approval or denial. For example, to approve the transaction, the user may have to provide a password. In instances that the user denies the transaction, the exemplary steps may advance to step 422. In step 422, the location server 140 may notify the server 132 of the denial and the server 132 may, in turn, deny the transaction.

Returning to step 418, in instances that the user allows the transaction, the exemplary steps may advance to step 414 and the transaction may be completed.
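The FIG. 4 decision flow (account rules in step 407, distance in steps 408 and 410, out-of-band approval on denial) together with the multi-method location consistency check described earlier, as an added Python example that is not code from the patent. The account fields, the `ask_owner` callback, the use of metres, the haversine formula for GNSS coordinates, and the reading of "a minority is inconsistent" as "a strict majority agrees within a tolerance" are all assumptions.

```python
import math

EARTH_RADIUS_M = 6_371_000.0

def haversine_m(a, b):
    """Great-circle distance in metres between two (lat, lon) pairs in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(min(1.0, h)))

def reconcile(fixes, tolerance_m):
    """Cross-check the fixes one device reported via several methods.

    fixes maps a method name ("gnss", "wifi", ...) to a (lat, lon) pair.
    Returns (position, status); status is "consistent" (all methods agree),
    "minority_outlier" (a strict majority agrees) or "inconsistent".
    """
    points = list(fixes.values())
    if not points:
        return None, "inconsistent"
    # For each fix, collect the fixes within tolerance of it; keep the largest group.
    groups = [(p, [q for q in points if haversine_m(p, q) <= tolerance_m]) for p in points]
    anchor, agreeing = max(groups, key=lambda g: len(g[1]))
    if len(agreeing) == len(points):
        return anchor, "consistent"
    if 2 * len(agreeing) > len(points):
        return anchor, "minority_outlier"
    return None, "inconsistent"

def authorize(account, fixes_102, fixes_104, ask_owner):
    """Decide a transaction on an account associated with devices 102 and 104.

    account: {"auto": "approve" | "deny" | None, "max_distance_m", "tolerance_m"}
    (hypothetical field names). ask_owner(reason) -> bool stands for the
    out-of-band request to device 104. Returns (approved, reason).
    """
    # Step 407: account rules may settle the request regardless of distance.
    if account.get("auto") in ("approve", "deny"):
        return account["auto"] == "approve", "account rule"
    # Consistency check: do not compute a distance from fixes that disagree.
    pos_102, status_102 = reconcile(fixes_102, account["tolerance_m"])
    pos_104, status_104 = reconcile(fixes_104, account["tolerance_m"])
    if "inconsistent" in (status_102, status_104):
        return False, "location methods disagree"
    # Steps 408 and 410: distance between the devices against the account limit.
    distance = haversine_m(pos_102, pos_104)
    outvoted = "minority_outlier" in (status_102, status_104)
    if distance <= account["max_distance_m"] and not outvoted:
        return True, f"devices {distance:.0f} m apart"
    # Denied by distance, or a minority of methods disagreed: ask out of band.
    reason = ("minority of location methods disagree" if outvoted
              else f"devices {distance:.0f} m apart")
    if ask_owner(reason):
        return True, "owner approved: " + reason
    return False, "owner denied: " + reason

# Constructed sample data (coordinates and limits are illustrative only).
ACCOUNT = {"auto": None, "max_distance_m": 30.0, "tolerance_m": 50.0}
DEVICE_102 = {"gnss": (37.38610, -122.08390), "wifi": (37.38612, -122.08391)}
DEVICE_102_OUTLIER = dict(DEVICE_102, cell=(37.45000, -122.08390))
DEVICE_102_SPLIT = {"gnss": (37.38610, -122.08390), "wifi": (40.71280, -74.00600)}
DEVICE_104_NEAR = {"gnss": (37.38619, -122.08390)}
DEVICE_104_FAR = {"gnss": (40.71280, -74.00600)}
```

The callback is only reached when the distance rule fails or one method was outvoted; a device whose methods split evenly is refused without prompting the owner.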

Although various steps and/or functions described with respect to FIG. 4 are described as being performed in the location server 140, the invention need not be so limited. For example, the location server 140 may provide location related data to another server or device and such steps and/or functions may be performed in that server or device.

Although some devices are referred to as “communication devices” and some are referred to as “network devices” such terminology is for clarity of description only and is not meant to limit the types or capabilities of the devices.

Various aspects of a method and system for authorizing transactions based on relative location of devices are provided. In an exemplary embodiment of the invention, data relating to a location of a first communication device 102 and data relating to a location of a second communication device 104 may be received, a distance between the first communication device 102 and the second communication device 104 may be determined based on the received data, and whether to approve a transaction may be determined based on the determined distance. The transaction may have been initiated from one of the first communication device 102 and the second communication device 102, and may comprise a need to access an account, such as a financial or Internet-accessible account. The transaction may be approved in instances that the first communication device 102 and the second communication device 104 are within a predetermined distance of each other. The received data may comprise global navigation satellite system (GNSS) coordinates. The received data may comprise distance information determined via communications between the first communication device 102 and the second communication device 104. The communications may be between or involve a security subsystem 220 in each of the communication devices 102 and 104. The communications between the first communication device 102 and the second communication device 104 may be in accordance with Bluetooth and/or IEEE 802.11 standards, for example. The first communication device 102 and the second communication device 104 may be associated, in a database 142, with the account. Whether to approve the transaction may be determined based on preferences associated, in the database 142, with one or both of the first communication device 102 and the second communication device 104. The transaction may comprise an electronic payment or funds transfer. Determining whether to approve the transaction may occur in response to a request from a network device 132. A result of the determination of whether to approve the transaction may be communicated to the network device 132.

Other embodiments of the invention may provide a non-transitory computer readable medium and/or storage medium, and/or a non-transitory machine readable medium and/or storage medium, having stored thereon, a machine code and/or a computer program having at least one code section executable by a machine and/or a computer, thereby causing the machine and/or computer to perform the steps as described herein for authorizing transactions based on relative location of devices.

Accordingly, the present invention may be realized in hardware, software, or a combination of hardware and software. The present invention may be realized in a centralized fashion in at least one computer system, or in a distributed fashion where different elements are spread across several interconnected computer systems. Any kind of computer system or other apparatus adapted for carrying out the methods described herein is suited. A typical combination of hardware and software may be a general-purpose computer system with a computer program that, when being loaded and executed, controls the computer system such that it carries out the methods described herein.

The present invention may also be embedded in a computer program product, which comprises all the features enabling the implementation of the methods described herein, and which when loaded in a computer system is able to carry out these methods. Computer program in the present context means any expression, in any language, code or notation, of a set of instructions intended to cause a system having an information processing capability to perform a particular function either directly or after either or both of the following: a) conversion to another language, code or notation; b) reproduction in a different material form.

While the present invention has been described with reference to certain embodiments, it will be understood by those skilled in the art that various changes may be made and equivalents may be substituted without departing from the scope of the present invention. In addition, many modifications may be made to adapt a particular situation or material to the teachings of the present invention without departing from its scope. Therefore, it is intended that the present invention not be limited to the particular embodiment disclosed, but that the present invention will include all embodiments falling within the scope of the appended claims.

1. A method for networking, the method comprising: in a first network device: receiving data relating to a location of a first communication device and data relating to a location of a second communication device; determining a distance between said first communication device and said second communication device based on said received data relating to said location of said first communication device and said received data relating to said location of said second communication device; determining, based on said determined distance, whether to approve a transaction, wherein said transaction was initiated from one of said first communication device and said second communication device, and said transaction comprises a need to access an account; and communicating a result of said determining whether to approve said transaction.
2. The method according to claim 1, wherein said transaction is approved in instances that said first communication device and said second communication device are within a predetermined distance of each other.
3. The method according to claim 1, wherein one or both of said received data relating to said location of said first communication device and said received data relating to said location of said second communication device comprises global navigation satellite system (GNSS) coordinates.
4. The method according to claim 1, wherein one or both of said received data relating to said location of said first communication device and said received data relating to said location of said second communication device comprises distance information determined via communications between said first communication device and said second communication device.
5. The method according to claim 4, wherein said communications are in accordance with one or both of Bluetooth standards and IEEE 802.11 standards.
6. The method according to claim 1, wherein said communications are between a secure subsystem within said first communication device and a secure subsystem within said second communication device.
7. The method according to claim 1, wherein said first communication device and said second communication device are associated, in a database accessible by said first network device, with said account.
8. The method according to claim 7, wherein whether to approve said transaction is determined based on preferences associated, in said database, with one or both of said first communication device and said second communication device.
9. The method according to claim 1, wherein said transaction comprises an electronic payment or funds transfer.
10. The method according to claim 1, wherein said determining whether to approve said transaction occurs in response to a request from a second network device.
11. The method according to claim 10, wherein a result of said determining whether to approve said transaction is communicated to said second network device.
12. A system comprising one or more circuits and/or processors for use in connection with a location server, said one or more circuits and/or processors being operable to: receive data relating to a location of a first communication device and data relating to a location of a second communication device; determine a distance between said first communication device and said second communication device based on said received data relating to said location of said first communication device and said received data relating to said location of said second communication device; determine, based on said determined distance, whether to approve a transaction, wherein said transaction was initiated from one of said first communication device and said second communication device, and said transaction comprises a need to access an account; and communicate a result of said determining whether to approve said transaction.
13. The system according to claim 12, wherein said transaction is approved in instances that said first communication device and said second communication device are within a predetermined distance of each other.
14. The system according to claim 12, wherein one or both of said received data relating to said location of said first communication device and said received data relating to said location of said second communication device comprises global navigation satellite system (GNSS) coordinates.
15. The system according to claim 12, wherein one or both of said received data relating to said location of said first communication device and said received data relating to said location of said second communication device comprises distance information determined via communications between said first communication device and said second communication device.
16. The system according to claim 15, wherein said communications are between a secure subsystem within said first communication device and a secure subsystem within said second communication device.
17. The system according to claim 15, wherein said communications are in accordance with one or both of Bluetooth standards and IEEE 802.11 standards.
18. The system according to claim 12, wherein said first communication device and said second communication device are associated, in a database accessible by said location server, with said account.
19. The system according to claim 18, wherein whether to approve said transaction is determined based on preferences associated, in said database, with one or both of said first communication device and said second communication device.
20. The system according to claim 12, wherein said transaction comprises an electronic payment or funds transfer.
21. The system according to claim 12, wherein said determining whether to approve said transaction occurs in response to a request from a network device.
22. The system according to claim 21, wherein a result of said determining whether to approve said transaction is communicated to said network device.